{"id":95249,"date":"2026-04-14T09:00:14","date_gmt":"2026-04-14T16:00:14","guid":{"rendered":"https:\/\/github.blog\/changelog\/2026-04-13-sbom-exports-are-now-computed-asynchronously"},"modified":"2026-04-14T08:56:29","modified_gmt":"2026-04-14T15:56:29","slug":"sbom-exports-are-now-computed-asynchronously","status":"publish","type":[3522],"link":"https:\/\/github.blog\/changelog\/2026-04-14-sbom-exports-are-now-computed-asynchronously","title":{"rendered":"SBOM exports are now computed asynchronously"},"content":{"rendered":"\n

Software Bill of Materials (SBOM) exports from repository pages and new API endpoints are now asynchronous operations. Previously, navigating to a repository’s dependency graph page and clicking the Export SBOM<\/strong> button, or requesting an SBOM from the \/repos\/{owner}\/{repo}\/dependency-graph\/sbom<\/code> REST API had a hard-coded timeout value of ten seconds. This worked for most cases, but large repositories with complex dependency trees could often take longer to process. Further, multiple requests would spawn multiple independent back-end workers, with no guarantee that any would complete.<\/p>\n

Download SBOMs in your browser<\/span><\/a><\/h2>\n

Now, there’s a new web experience which polls for job completion and new API endpoints to match. These work asynchronously, eliminating timeouts. To use the new UI, navigate to a repository’s Insights<\/strong> tab, click Dependency Graph<\/strong>, then click Export SBOM<\/strong>. Once the file is ready, you’ll be able to download it from this page.<\/p>\n

API access to SBOMs<\/span><\/a><\/h2>\n

For API access, there are two new endpoints which work together to provide asynchronous access to SBOMs:<\/p>\n